Lucene search
K

566 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-13377

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-13377 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added last week10 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:8 p.m.5 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 2:8 p.m.14 views

CVE-2026-2891

The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:32 p.m.20 views

EUVD-2026-37188

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 p.m.10 views

CVE-2026-0154

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49812

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A memory corruption issue in the Modem component can be triggered during a SIP REFER request. This flaw allows for remote code execution without requiring additional execution privileg...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-45362

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

3.2CVSS5.4AI score0.00095EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:27 a.m.20 views

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/05 4:10 a.m.17 views

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/06/02 2:35 p.m.37 views

CVE-2026-10629 CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 2:35 p.m.11 views

EUVD-2026-33945

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

9.1CVSS5.7AI score0.00174EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.14 views

PUB-A-449725859

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.4AI score0.00231EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.8 views

F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K000161023)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161023 advisory. When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.40 views

CVE-2026-40423 BIG-IP SIP profile vulnerability

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.19 views

CVE-2026-40423

CVE-2026-40423 affects BIG-IP SIP profile on a virtual server. Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, disrupting traffic and allowing a remote, unauthenticated attacker to trigger a DoS. Impact is shown as HIGH (CVSS v3.1: 7.5) and HIGH (CVSS v4.0: 8....

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software21
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Corporation in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, which stems from virtual servers...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40646

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When a SIP Session Initiation Protocol profile is configured on a virtual server, undisclosed traffic can cause the...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 3:31 a.m.13 views

EUVD-2026-29354

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References3
Rows per page
Query Builder